Supporting Applications Development and Operation Using IT Security and Audit Measures

The market success of the enterprises depends on the ability to support their business processes. This involves the requirement of a seamless, well-ordered operation of the whole company. Operation is greatly affected by the quality of its IT support. The information should be available, handled confidentially, preserving its integrity, have to be processed in a reliable, efficient, effective way, in compliance with the requirements of supervisory authorities. Extending the scope of these information criteria to criteria determining operations quality and adding two business-level requirements to them makes possible to find preventive, detective and corrective, originally information security control measures, raised to the level of operational quality, that support the market success of the institutions. 1. A Method Based on IT Security and Audit for Supporting Corporate Governance The goal is to facilitate the use of the originally information security and information systems audit ideas and tools in the area of corporate governance. In the followings the criteria characterizing such a corporate IT functioning, that is able to contribute to the compliance to a widely accepted set of requirements, are extended to the area of corporate operations. To operations belong every area, that supports business. Corporate finance, controlling, human resource management, and the like all belong here. Without them no business could operate. In order to improve IT processes ISACA (Information Systems Audit and Control Association) was probably the first organization, that collected all these criteria. If we extend the scope of the measures by which some of these criteria can be fulfilled, to other business-supporting areas, then these criteria can also be raised to the level op corporate operations. This possibility of discussing the problems in a greater arena then before, will be illustrated here on a special application, on the service-oriented architectures. 2. Business Goals and Information Security Seamless operation is one of the basic factors of the corporate market success. Improvement of operational quality, and compliance to the requirements coming from government and other authorities are vital. IT applications are non-separably interwoven into the everyday and even into the strategic level activities of every company. Thus to the fulfillment of the strategic business goals, computer applications have to support the – often contradictory – aspects of operation and compliance. An efficient IT of a professionally operating firm follows best practice methods. Good examples are the methodologies of such prominent